Can we change url from https to http from iframe loaded inside base url? - facebook

Facebook App page will get a SSL error when coming from secure hypertext protocol(https)) Facebook account to non secure(http) Facebook App Page, which happens due to lack of SSL Certificate in Facebook App hosted server. I am trying to change base url from httpsto http to avoid SSL error.
Is it possible to change base url from https to http from iframe?

Is it possible to change base url from https to http from iframe?
Even if it is, that’s no solution to your problem – because the iframe content will be pulled over HTTPS first, if the user is browsing Facebook over HTTPS – and since you app does not support HTTPS, this will fail already. So you will not even get to a point where code from your app will be loaded, let alone executed, in this scenario.
You’ll have to get an SSL certificate for your app domain.

Related

Facebook Login - URL Blocked - Can't add new redirect URI's

I have a website that uses the Facebook Login feature successfully and it still works as we speak. But I want to use the same facebook app on another website using the same keys etc...
But for some reason, even though I have added the correct URI's into the OAuth part of the Facebook page, I still get:
URL blocked: This redirect failed because the redirect URI is not
white-listed in the app's client OAuth settings. Make sure that the
client and web OAuth logins are on and add all your app domains as
valid OAuth redirect URIs.
Does anyone have any ideas on where I can start to find out why Facebook isn't accepting these new urls?
Okay, it seems to be working now - perhaps was a timing issue which was wierd because it updated straight away on previous sites.
Thanks again for the help though WizKid!

Facebook users which have their save surfing account setting to unsecured cannot visit a secured Facebook App

If you have the Save Surfing setting in your account settings in Facebook set to unsecured, you notice you use Facebook via HTTP. Of course if you set it to On, you surf via HTTPS.
Now all Facebook apps are using HTTPS since Facebook doesn't allow apps to use HTTP since October 2011. But if a user (with no HTTPS on their Facebook account) wants to visit the Secured HTTPS App it just gives an empty page.
Is this a bug from Facebook, or?
Now all Facebook apps are using HTTPS since Facebook doesnt allow apps to use HTTP since October 2011.
That’s not true.
All canvas/page tab apps must offer the option to be accessed via HTTPS – but should offer HTTP as well.
But if a user (with no HTTPS on there Facebook account) wants to visit the Secured HTTPS App it just gives an empty page. Is this a bug from Facebook, or?
No, this is an error on your (resp. the app developers) part – in the app settings, there should be URLs set for both HTTP and HTTPS.
If that’s the case, then a user browsing Facebook via HTTP has no problem accessing the app as well.

Facebook sends a blank signed request for secured app when accessed by http

I have an app that only runs on https. So my Pag Tab URL and Secured Page Tab URL have the same https url.
I have noticed that I get a blank signed request for users who are using Facebook on http.
Is there a way by which I can get the users to see my secured content even when they are accessing facebook from http?
Facebook says that this configuration is not supported by design. Apps must be available via both HTTP and HTTPS.
Source: http://developers.facebook.com/bugs/210713629051920/
Unfortunately it is necessary you always provide a HTTP alternative
for FB users who want to visit your App under HTTP. In your specific
case, in your http endpoint you will be able to display an specific
message to these users encouraging them to visit the HTTPS version of
your App.

Do I need to support ssl on my site that allows login through facebook connect

My site allows users to login through facebook coonect. Do I need to support ssl on my site by Oct 1?
Will greatly appreciate your input.
Thanks,
cody
IF you conform to the following sentence, you must support SSL by Oct 1st:
an SSL Certificate is required for all Canvas and Page Tab apps
See https://developers.facebook.com/docs/oauth2-https-migration/ for more details.
It seems like if you are not using Canvas or Page Tab ON FB, then SSL won't be required on your site for FB Connect. You will have to make the api call to FB over SSL and must config your app to use OAuth 2 -- for the JS SDK that means setting oauth:true. See https://developers.facebook.com/docs/oauth2-https-migration/
Only on *.facebook.com are you required to use an SSL certificate. More specifically, you must specify a URL that begins with https:// for your canvas URL as of Oct. 1st. When https://apps.facebook.com/<YOUR_URL> or https://www.facebook.com/<YOUR_URL> loads your IFRAME, the IFRAME url must begin with https.
However, you do not need to support SSL on your website outside of Facebook. If you use Facebook for Websites, you need to make no change to that portion of your Facebook implementation.
The idea is that one day all traffic on facebook.com will be https by default, and they don't want mixed content warnings when https://*.facebook.com loads up your IFRAME url.

Facebook App redirecting to https

My facebook application is redirecting to https can somebody help me i dont have ssl on my server and i want to keep the app on http, with https it generate the following error
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
Here is an article that gives a good run down on this, Hyper Arts Blog.
It appears that facebook is going to encourage secure browsing and the only way to avoid end user warnings is to set yourself up with a secure site.
You have setup your facebook app to have a secure canvas. Try removing it.
Also, your own personal facebook settings probably have https usage enabled... https://www.facebook.com/blog.php?post=486790652130... Try unchecking that settings.
If you don't provide a secure canvas the user's (who has requested facebook use https when possible) browsers is supposed to ask the user if they can go to the unsecured site... but we are talking facebook here so expect the unexpected.